Google Releases Security Update for Chrome

Original release date: September 25, 2015

Google has released Chrome version 45.0.2454.101 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.



USN-2746-2: Simple Streams regression

Ubuntu Security Notice USN-2746-2

25th September, 2015

simplestreams regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

USN-2746-1 introduced a regression in Simple Streams.

Software description

  • simplestreams
    – Library and tools for using Simple Streams data

Details

USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a
regression preventing MAAS from downloading PXE images. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Simple Streams did not properly perform gpg
verification in some situations. A remote attacker could use this to
perform a man-in-the-middle attack and inject malicious content into
the stream.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  python-simplestreams            0.1.0~bzr354-0ubuntu1.15.04.2
  simplestreams                   0.1.0~bzr354-0ubuntu1.15.04.2
  python-simplestreams-openstack  0.1.0~bzr354-0ubuntu1.15.04.2
  python3-simplestreams           0.1.0~bzr354-0ubuntu1.15.04.2

Ubuntu 14.04 LTS:
  python-simplestreams            0.1.0~bzr341-0ubuntu2.3
  simplestreams                   0.1.0~bzr341-0ubuntu2.3
  python-simplestreams-openstack  0.1.0~bzr341-0ubuntu2.3
  python3-simplestreams           0.1.0~bzr341-0ubuntu2.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any services that
make use of python-simplestreams or python3-simplestreams to make
all the necessary changes.

References

LP: 1499749

CVE-2015-7323 – Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization

Posted by Profundis Labs on Sep 25

Profundis Labs Security Advisory
https://profundis-labs.com/advisories/CVE-2015-7323.txt

Product:
================================
Junos Pulse Secure Meeting

Secure Meeting is a part of the Junos Pulse Collaboration software, which
allows you to organize and hold virtual meetings with internal and
external users via the Juniper Access Gateway.

Vulnerability Type:
===================
Insufficient Authorization Checks

CVE Reference:…

Re: An iOS oversight: exploiting device trust and backups

Posted by Luis ‘Pope’ Gómez on Sep 25

You make an interesting point here, David.

About this topic, I would recommend this brilliant paper by Mr. Zdziarski:
http://www.zdziarski.com/blog/wp-content/uploads/2014/08/Zdziarski-iOS-DI-2014.pdf

I proposed a software solution to apply various mitigations in jailbroken
devices, including: deleting the pairing records (so that your iOS device
will not continue trusting other computers) and disabling a number of
services (for instance: if I…